What is Identity?
Identity in the Camunda 8 stack is handled by two distinct components: Identity for Orchestration clusters, and Identity for Web Modeler and Console. In both cases, Identity is responsible for managing authentication and authorization within the Camunda 8 stack, but each implementation requires different configurations. In the case of Web Modeler and Console, Identity must be set up independently.
For more information on these differences, see the Self-Managed reference architecture.
Identity for Orchestration clusters
Identity is included by default in the Orchestration cluster, and does not require any external dependencies. For more information, see the Identity configuration options.
Identity for Web Modeler and Console
For Web Modeler and Console deployments, Identity runs as a separate and dedicated component. For more information, see the guides on using an existing Keycloak instance and connecting to an OIDC provider.
Once deployed, Identity manages the following in Web Modeler and Console:
- Applications
- APIs
- Permissions
- Roles
For example, using Identity you can:
- Add and assign a role to a user. A role is a way to group sets of permissions that can be assigned to users using the Identity UI.
- Add and assign a permission to a role to control the level of access a user or an application has to a particular component.
- Create a group to apply a set of roles and authorizations to users.
- Manage resource authorizations to control resource access within the Identity application.
- Utilize configuration variables.